Tufin® recently announced the company is working with VMware® to extend Tufin’s Security Policy Orchestration capabilities through the VMware NSX™ network virtualisation platform to provide security managers with a unified security policy experience with central management and automation. Through these interoperable solutions, customers will gain granular visibility and visualisation of network security in software-defined data centres (SDDCs). With this combination, network micro-segmentation can be defined and visualised across both physical and virtual network infrastructure and enforced by firewalls from all leading vendors, including VMware.
“Information security controls must become aware of changes in the infrastructure around them,” writes Neil MacDonald, VP & Gartner Fellow Analyst at Gartner, in a report named ‘The Impact of Software-Defined Data Centres on Information Security’, published 16 October 2012, refreshed 18 August 2014. “At its core, information security policies define connectivity — what users and groups should be able to connect to which types of applications (and, likewise, which should not). Any shift to software-defined infrastructure is incomplete without the enforcement of security policy compliance in terms of connectivity.”
Software-defined data centres enable greatly improved operational efficiencies and agility, as well as fundamentally better security. With VMware NSX, networks can be programmatically managed, allowing networking and security services to be provisioned in minutes throughout the data centre. Micro-segmentation allows unit-level security controls to be implemented in a scalable and cost-effective manner both within and between data centres.
Tufin and VMware have collaborated to deliver end-to-end visibility into the security of virtual and physical environments. The combination of the Tufin Orchestration Suite with VMware NSX will help automate the design, provisioning, analysis and auditing of network security policy changes, from the application layer down to the network layer. Available by October 2014, this solution will help streamline micro segmentation, speed up application deployments, and automate security policy change processes.
“Micro-segmentation is the key to a Zero Trust model, and with VMware NSX™, customers can have an economically and operationally feasible way to deploy micro-segmentation to transform data centre security architecture,” said Hatem Naguib, vice president, networking and security, VMware. “The combination of VMware NSX and the Tufin Orchestration Suite™ will enable customers to maintain a unified Security Policy across their physical and virtual environments."
“The software-defined data centre is positioned to revolutionise network security," said Reuven Harrison, CTO at Tufin. "The ability to enforce micro-segmentation through the isolated hypervisor layer is a game-changer, but to fully reap its benefits, security managers need to control and manage it as part of their organisational policies and processes. Tufin’s collaboration with VMWare ensures NSX becomes part of a consolidated plane of management and provides the level of control needed to enforce a tight, consistent security policy across the entire datacentre."
Security Policy Orchestration for the Software Defined Data Centre
The interoperable Tufin Orchestration Suite and VMware NSX solution will address these challenges by delivering the ability to:
- Manage and control micro-segmentation across heterogeneous networks
- Centrally manage security policies on firewalls, routers and switches throughout the entire physical and virtual data-centres via a single interface
- Assess the risk posture and perform risk assessment before making policy changes
- Perform real-time compliance monitoring, analysis and alerts on NSX security policy changes
- Continuously track security policy configuration changes across enterprise firewalls
The interoperable solution will help enterprises to realise the full agility, efficiency and cost benefits of a Software-Defined Data Centre, while ensuring network resources are protected by business- appropriate security policies.
